CREATE CERTIFICATE

Add a certificate to the database.

Syntax:
      CREATE CERTIFICATE certificate [ AUTHORIZATION user_name ] 
         {FROM existing_keys | generate_new_keys }
            [ACTIVE FOR BEGIN_DIALOG =  {ON | OFF }]
        

   existing_keys:
       ASSEMBLY assembly_name
       {[EXECUTABLE ] FILE = 'path_to_file' [WITH PRIVATE KEY ( private_key_options )]}
        
   generate_new_keys: 
       [ENCRYPTION BY PASSWORD = 'password'] 
           WITH SUBJECT = 'certificate_subject_name' 
              [ , date_options [ ,...n ] ]

   private_key_options:
       FILE = 'path_to_private_key'
          [, DECRYPTION BY PASSWORD = 'password' ]
             [, ENCRYPTION BY PASSWORD = 'password' ]  

   date_options:
       START_DATE = 'mm/dd/yyyy'
       EXPIRY_DATE = 'mm/dd/yyyy'

Key:
 user_name        The user that will own the certificate.
 assembly_name    A signed assembly already loaded into the database.
 path_to_file     The path (local or UNC) , including filename
                  to a DER-encoded file that contains the certificate.
 WITH PRIVATE KEY  Load the private key of the certificate into SQL Server. 
 START_DATE       Date the certificate becomes valid (default=current date.)
 EXPIRY_DATE      Date the certificate expires (default= 1 year after START_DATE)
 ACTIVE FOR BEGIN_DIALOG Make available to the initiator of a Service Broker dialog conversation.

Users of these built-in functions for encryption and signing must decide when to check if the certificate has expired.

Example

USE MyDb;
CREATE CERTIFICATE SS64 
   ENCRYPTION BY PASSWORD = 'pG6464qwerty247y'
   WITH SUBJECT = 'Demonstration certificate', 
   EXPIRY_DATE = '02/28/2014';
GO

“So I took the chef out for a few drinks and,hey presto, the recipe was mine” - Bill Wyman

Related Commands:

CREATE CERTIFICATE
DROP CERTIFICATE
BACKUP CERTIFICATE
X.509 standard

Equivalent Oracle commands:

Oracle Wallet:
ALTER SYSTEM SET ENCRYPTION KEY..
ALTER SYSTEM SET WALLET..